Socialize with FBConnect

FBWhat?

According to Facebook, "Facebook Connect is a powerful set of APIs for
developers that lets users bring their identity and connections
everywhere." The idea is quite similar to OAuth or Yahoo's BBauth, but
with a Facebook flavor.

Why would you need it? The simple scenario: you can use it like a
bizarro OpenID, until Facebook becomes an OpenID provider :) Some of you
will just want this: "Allow people to authenticate on my website using
their Facebook account."

But once the user is authenticated, your Catalyst app may also access
the Facebook API using your user's credentials. Assuming she gives you
permission, you can do all kinds of tricks, like getting the list of
friends, avatar, and more.

I want it, what now?

First of all, you need to signup as a developer and get an API Key, a
Secret, and an Application Name. You'll need these to use Facebook
Connect in Catalyst. Do your thing at
http://developers.facebook.com and come back with the info.

Setting it up

If you use the FBConnect credential to authenticate, you don't even need
a database in your app. But most of the time you'll want to associate
the Facebook user with a local user, and allow users to also authenticate
the standard, password-based way. That's why we'll need two realms,
facebook and dbic.

The user table should have some columns for holding the external credential
info, if you want to associate the two. We're using credential_identifier
to hold the Facebook uid. If you're using multiple external authentication
systems (like OpenID or OAuth) it would be a good idea to specify the source
for this particular credential in ( credential_source ).

The login action

The logic is simple: the first time you call $c->authenticate for
the facebook realm, the user will be redirected to the Facebook
login page. Once she manages to authenticate there, she will be sent
back by Facebook to our application (in the same action), but
accompanied by an auth_token. When authenticate is called this
time, the user is authenticated and $c->user is created with the
session information. All this logic is abstracted away inside the
credential.

Once she's authenticated with FBConnect, she'll either register or
login (hence find_or_create) in our internal user database. After
that we'll just use the familiar API to reauthenticate the user in the
dbic realm.